The Different Types Of Penetration Tests

Network Penetration Testing involves a team attempting to break into your network or servers. This is what jumps into the minds of most firewall people, security admins, operations teams, and IT security groups when you say “penetration test”.

Network pentests involve tools, a (usually somewhat proprietary) grab-bag of tricks and exploits, network scanning, social engineering, port scanning, identifying OS versions, Metasploit and CORE, or what-have-you.

The value of net pentests is identifying weak-link dependencies between servers that you wouldn’t have thought of: for instance, a trust relationship between two otherwise locked-down machines, perhaps based on Active Directory credentials and local security policy or mapped network drives. These problems are hard to detect with automated tools, originate from the kinds of operational compromises that happen all the time in large enterprises, and are best smoked out with a set of “fresh eyes”.
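
Once relationships like these have been written down, their transitive reach can be traced. The following is an added example, not part of the original article: it walks a constructed inventory of trust relationships and reports which locked-down hosts depend on the security of a host that is not locked down. All host names, mechanisms and function names are assumptions.

```python
from collections import deque

# Constructed inventory: (source, target, mechanism) means that control of
# `source` yields access to `target`. Host names are hypothetical.
TRUST_EDGES = [
    ("kiosk-01", "file-01", "mapped network drive with saved credentials"),
    ("file-01", "app-01", "shared local administrator password"),
    ("app-01", "db-01", "AD service account in local Administrators"),
    ("hr-ws-07", "file-01", "mapped network drive"),
]
# Hosts the operations team considers locked down (constructed).
LOCKED_DOWN = {"app-01", "db-01"}

def build_graph(edges):
    graph = {}
    for src, dst, how in edges:
        graph.setdefault(src, []).append((dst, how))
    return graph

def trust_paths(graph, start):
    """Breadth-first walk: shortest trust chain from start to each reachable host."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        for dst, how in graph.get(host, []):
            if dst not in paths:  # also stops loops in mutual trust
                paths[dst] = paths[host] + [(host, dst, how)]
                queue.append(dst)
    del paths[start]
    return paths

def exposed_locked_down(edges, locked_down):
    """Map each locked-down host to the weaker hosts that reach it, with the chain."""
    graph = build_graph(edges)
    findings = {}
    for start in sorted({src for src, _, _ in edges} - locked_down):
        for host, chain in trust_paths(graph, start).items():
            if host in locked_down:
                findings.setdefault(host, {})[start] = chain
    return findings

if __name__ == "__main__":
    for target, sources in sorted(exposed_locked_down(TRUST_EDGES, LOCKED_DOWN).items()):
        for start, chain in sorted(sources.items()):
            print(f"{target} depends on the security of {start} ({len(chain)} hops):")
            for src, dst, how in chain:
                print(f"    {src} -> {dst}: {how}")
```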

